Re: [PATCH 0/1] futex: check PF_KTHREAD rather than !p->mm to filter out kthreads

[Peter Zijlstra <peterz@infradead.org>]

On Wed, Feb 04, 2015 at 09:25:09PM +0100, Oleg Nesterov wrote:
> > I'm not entire sure why we need two PF flags for this; once PF_EXITING
> > is set userspace is _dead_ and it doesn't make sense to keep adding
> > (futex) PI-state to the task.
> 
> This is what I _seem_ to understand: exit_robust_list(). Although I am
> not sure this all is by design...
> 
> And this is the reason why I still can't finish the patch. Perhaps I am
> totally confused, but I think there is yet another problem here.
> 
> Please forget about PF_EXIT.*. attach_to_pi_owner() returns -ESRCH if
> futex_find_get_task() and even this looks wrong. 

You'll have to help me out a little here; where do we unhash the PIDs?
>From what I can find we set PF_EXITING _before_ unhashing ourselves.

In fact, from what I can tell we only unhash after calling both
exit_robust_list and exit_pi_state_list.

> Because handle_futex_death()
> updates *uaddr lockless and does nothing if "pi". This means that the owner
> of PI + robust mutex can go away (or just set PF_EXITPIDONE) and the caller
> of futex_lock_pi() can miss unlock.
> 
> Peter, could you confirm that this problem does exist, or I missed something?

So as long as we unhash _last_ I can't see this happening, we'll always
find the task, the robust list walk doesn't care about PI state.

The exit_pi_state_list() will serialize against any concurrent attach
that might be in progress -- and we nkow there won't be a new one since
we've set PF_EXITING. And kill all the PI owners stuff.

But please, if you suspect, share a little more detail on how you see
this happening, this is not code I've looked at in detail before.